安全的未来：数据和身份是同一枚硬币的两个侧面

我们的世界继续以数据为中心，这就是为什么不断发展的安全形势需要新的流程和技术来保护数据。

Our world continues to revolve around data – and that’s why the evolving security landscape demands new processes and technologies to secure it.

我们的世界继续以数据为中心，这就是为什么不断发展的安全形势需要新的流程和技术来保护数据。

By 2025 the global dataverse will reach a massive 181 zettabytes. While this explosion will undoubtedly lead to unprecedented opportunities for business, it also amplifies the risk factors – particularly when it comes to protecting business-critical data.

到 2025 年，全球数据空间将达到 181 ZB。虽然这种爆炸式增长无疑将为企业带来前所未有的机遇，但它也放大了风险因素——尤其是在保护关键业务数据方面。

One security challenge stands out: identity. After all, we must make data accessible to business stakeholders, whether internal, or third-party, for it to get used to enter new markets, analyze customer insights, and develop new products to outpace the competition.

一项突出的安全挑战是：身份。毕竟，我们必须让业务利益相关者（无论是内部利益相关者还是第三方）能够访问数据，以便利用数据进入新市场、分析客户洞察并开发新产品以超越竞争对手。

In the age of AI, where 72% of teams say they are already leveraging some form of AI services at work, the lines between data and identity security are starting blur more than ever.

在人工智能时代，72% 的团队表示他们已经在工作中利用某种形式的人工智能服务，数据和身份安全之间的界限开始比以往任何时候都更加模糊。

Think about an enterprise Co-Pilot, like Microsoft Co-Pilot or Glean. Those of us in the industry refer to these as non-human identities (NHI). These apps let employees quickly and efficiently find the information they are looking for across Microsoft 365, Google Drive, Box, Confluence, Notion, and many other platforms. However, the ability to do so securely depends on the native permissions in these platforms.

考虑一下企业 Co-Pilot，例如 Microsoft Co-Pilot 或 Glean。我们业内人士将这些称为非人类身份 (NHI)。这些应用程序可让员工在 Microsoft 365、Google Drive、Box、Confluence、Notion 和许多其他平台上快速高效地查找所需的信息。然而，安全地执行此操作的能力取决于这些平台中的本机权限。

So why we are only now discussing the need to align data and identity. To me, it’s a simple answer: few security vendors in the market address this convergence effectively. This forced security teams to manually stitch together disparate processes and tools on their own. Data discovery and classification tools of the past struggled with speed, the ability to support hybrid environments, and had poor precision – which led to false positives, and weakened data security posture.

那么为什么我们现在才讨论调整数据和身份的必要性。对我来说，这是一个简单的答案：市场上很少有安全供应商能够有效地解决这种融合问题。这迫使安全团队自己手动将不同的流程和工具拼接在一起。过去的数据发现和分类工具在速度、支持混合环境的能力方面存在困难，并且精度较差，从而导致误报并削弱数据安全态势。

But technology was not the only factor. Siloed internal security processes, disparate organizations, and a lack of communication across these teams also played an important role. Data was left to the data security team. Identity was left to the identity management team.

但技术并不是唯一的因素。孤立的内部安全流程、不同的组织以及这些团队之间缺乏沟通也发挥了重要作用。数据留给了数据安全团队。身份留给身份管理团队。

Moving forward, the days of viewing data and identity as distinct entities are numbered. These two sides of the same coin must be integrated more closely than ever before. Data security teams are asking where their sensitive data resides and who has access to it, and identity teams are asking if this user should have access to this data. This helps make it simpler for security teams to align data security with identity management, and helps foster the zero-trust principle of minimizing over-privileged access.

展望未来，将数据和身份视为不同实体的日子已经屈指可数了。同一枚硬币的两面必须比以往更加紧密地结合在一起。数据安全团队询问他们的敏感数据驻留在哪里以及谁有权访问这些数据，而身份团队则询问该用户是否应该有权访问这些数据。这有助于安全团队更轻松地将数据安全与身份管理结合起来，并有助于促进最大限度地减少过度特权访问的零信任原则。

Data security programs must work to include identity access management, and identity access management programs must work to include data security. We don’t have to make this difficult: Security teams need to know where their sensitive data resides and who or what has access to that data. And, identity managers need to know what identities are operating within their environment, and then, under what context.

数据安全计划必须包括身份访问管理，而身份访问管理计划必须包括数据安全。我们不必让这变得困难：安全团队需要知道他们的敏感数据驻留在哪里以及谁或什么可以访问该数据。而且，身份管理者需要知道哪些身份在其环境中运行，以及在什么上下文中运行。

When speaking with CISOs about this, I like to use what we call “The OneDrive” scenario. Consider the security implications if a service like OneDrive were compromised for the company’s top 20 executives:

当与 CISO 谈论这个问题时，我喜欢使用我们所说的“OneDrive”场景。考虑一下如果像 OneDrive 这样的服务对公司的 20 名最高管理人员来说受到损害，会产生哪些安全影响：

In 99% of cases, nobody knows. It’s critical that organizations can quickly discover and classify their data across all of their environments, understand who and what – both human and non-human identities – have access to sensitive data – as well as remediate unnecessary access.

99%的情况下，没有人知道。至关重要的是，组织可以在所有环境中快速发现数据并对其进行分类，了解谁和什么（人类和非人类身份）可以访问敏感数据，并纠正不必要的访问。

The inability for most to respond to these questions underscores the importance of understanding the interconnectedness of data and identity. By getting this right, the time to value becomes immediate. Teams can minimize overprivileged access to align with zero-trust principles of data access. They can safely adopt AI without increasing business risk.

大多数人无法回答这些问题，这凸显了理解数据和身份相互关联性的重要性。通过正确处理这一点，实现价值的时间就会变得立竿见影。团队可以最大限度地减少特权访问，以符合数据访问的零信任原则。他们可以安全地采用人工智能，而不会增加业务风险。

The future of security lies in a unified approach that treats data and identity as two sides of the same coin. It takes co-evolution – the process of continuing to evolve together. Only such as unified approach will let us adopt AI securely. Security teams that do this well will win the hearts and minds of the businesses.

安全的未来在于采用统一的方法，将数据和身份视为同一枚硬币的两面。它需要共同进化——持续共同进化的过程。只有这样统一的方法才能让我们安全地采用人工智能。做得好的安全团队将赢得企业的青睐。